Tuesday, September 9, 2014

Email and normal user name configuration with WSO2 IS

In this blog post I'm going to discuss how to configure WSO2 Identity Server to support email-based user names for one user store and normal String-type user names for another user store.

This is supported in WSO2 IS 4.6 and 5.0 versions.

First you need to configure the Identity Server to support email-based user names. You can refer to this [1] blog post for the configuration steps. You can configure the primary user store to use email user names as described in that post.

Then you can add a secondary user store from Configure -> User Store Management. Click on add secondary user store and give the necessary details for the user store that should support both email and normal user name types. We will call this user store domain "TEST".
If you configure this and straight away try to add a user with a plain String-type user name containing only alphanumeric characters, the server will complain that the user name does not conform to the policy.

So in order to allow both types of user names for the TEST domain, we need to add the following configuration to the user store.
<Property name="UsernameWithEmailJavaScriptRegEx">^[\S]{3,30}$</Property>
This property defines the user name pattern to be used when email user names are enabled, as discussed in the blog post [1].

However, you cannot add this property from the User Store Manager configuration UI, so you need to edit the file manually. Usually the secondary user store properties for the super tenant are placed in the <IS_HOME>/repository/deployment/server/userstores/ directory, in a file named after the domain, which here will be TEST.xml.

After adding the property you need to restart the server. Then try to add a user to the TEST domain with a normal String-type user name (testuser1) from Configure -> Users and Roles -> Users by clicking Add New User. Then try with an email user name (testuser2@email.com).

With this configuration you will be able to add both types of users to this user store.
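
What the pattern above accepts and rejects, as an added example (not code from the original post or from WSO2): it runs the page's ^[\S]{3,30}$ over constructed sample names, next to EMAIL_ONLY, a hypothetical email-only pattern that stands in for a stricter policy and is not WSO2's default.

```javascript
// Pattern copied from the UsernameWithEmailJavaScriptRegEx property on this page.
const PAGE_PATTERN = /^[\S]{3,30}$/;
// Hypothetical email-only pattern: a constructed stand-in, not WSO2's default.
const EMAIL_ONLY = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Explain why the page's pattern accepts or rejects a candidate user name.
function checkUsername(name) {
  if (PAGE_PATTERN.test(name)) return { accepted: true, reason: "ok" };
  if (/\s/.test(name)) return { accepted: false, reason: "whitespace" };
  if (name.length < 3) return { accepted: false, reason: "too short" };
  return { accepted: false, reason: "too long" };
}

// Constructed sample names; the first two are the ones used in this post.
const SAMPLES = [
  "testuser1",
  "testuser2@email.com",
  "ab",              // below the 3-character minimum
  "test user",       // embedded space
  "x".repeat(31),    // above the 30-character maximum
  "a@@b",            // not a valid address, but has no whitespace
  "testuser1\n",     // trailing newline counts as whitespace
];

// Compare both patterns over a list of names.
function compare(names) {
  return names.map((n) => {
    const result = checkUsername(n);
    return {
      name: JSON.stringify(n),
      emailOnly: EMAIL_ONLY.test(n),
      pagePattern: result.accepted,
      reason: result.reason,
    };
  });
}

console.table(compare(SAMPLES));
```

The pattern checks only the length and the absence of whitespace, so a name such as a@@b passes; it does not verify that an email-style name is a well-formed address.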

This is supported in super tenant mode only. So in a multi-tenant deployment it is recommended to have only one type of user name configuration.

[1] - http://sureshatt.blogspot.de/2013/07/attribute-email-based-user.html
